UK & European Cookie Law Solution (Free Script)
A European cookie law that regulates the use of web browser cookies is now in effect in the UK. That cookie law is based on guidelines set by the European Union. In a nutshell, the law states that websites must get a user’s consent before storing cookies on their device (computer, mobile phone, iPad, etc.). There’s a lot of confusion around the UK law and the EU regulation:
- Does it apply to companies based outside the UK?
- It allows an exception for cookies that are ‘strictly necessary’. What counts? Shopping cart cookies do. But what about analytics? Login cookies?
There are no clear answers. The UK did promise to phase in enforcement over time. But if this law succeeds, more cookie regulation is on the horizon. If you own a website, chances are you’re placing cookies on visitors’ computers, and you need to comply.
So, we’ve built a simple way to comply with the regulation, and it’s free. Read on to get the code and implement it on your own site.
Note: You use this code at your own risk. We’re not responsible if the UK finds you in violation of their law.
The Solution
Portent has come up with a simple JavaScript solution to help you comply with the new European cookie laws. With the help of a JavaScript location detection script from GeoBytes.com, the script prompts a user in the EU to consent to the site writing cookies to their device. If the user consents, a cookie is written, set to expire in 90 days, giving the user full access to the site and the cookies it normally writes. If the user does not consent, the script redirects the user to a static cookie consent information page.
The Script: cookieConsent.js
```javascript
/**
 * Script by Portent, an internet marketing agency. www.eigene-homepage-erstellen.net
 */

// change this variable to match your domain
var sitedomain = "example-domain.com";

function cookieConsent(sGeobytesInternet, sGeobytesMapReference) {
  if ( !Get_Cookie( 'cookieConsent' ) ) {
    if (typeof(sGeobytesInternet) == "undefined") {
      // Something has gone wrong with the variables, so set them to some default value,
      // maybe set an error flag to check for later on.
      sGeobytesInternet = "unknown";
    }
    if (typeof(sGeobytesMapReference) == "undefined") {
      sGeobytesMapReference = "unknown";
    }
    if (sGeobytesMapReference == "Europe") {
      if (confirm("We need your consent to set browser cookies we use on this site. Press 'OK' to give your consent. For more information, please read our privacy policy.")) {
        // parameters for Set_Cookie: name, value, expires, path, domain, secure
        Set_Cookie( 'cookieConsent', true, '90', '/', sitedomain, '' );
      } else {
        // parameters for Delete_Cookie: name, path, domain
        Delete_Cookie('cookieConsent', '/', sitedomain);
        window.location = "http://www." + sitedomain + "/cookie-consent.htm";
      }
    }
  } else if ( Get_Cookie( 'cookieConsent' ) == false ) {
    // only reached when the cookie exists with a value that loosely equals false, such as "0"
    Delete_Cookie('cookieConsent', '/', sitedomain);
    window.location = "http://www." + sitedomain + "/cookie-consent.htm";
  }
}

function acceptCookies() {
  // parameters for Set_Cookie: name, value, expires, path, domain, secure
  Set_Cookie( 'cookieConsent', true, '90', '/', sitedomain, '' );
  alert("You have consented to allowing cookies. Click 'OK' to continue to the homepage.");
  window.location = "http://www." + sitedomain + "/";
}

function denyCookies() {
  // parameters for Delete_Cookie: name, path, domain
  Delete_Cookie('cookieConsent', '/', sitedomain);
  alert("You have chosen to NOT consent to allowing cookies.");
  window.location = "http://www." + sitedomain + "/cookie-consent.htm";
}

function Set_Cookie( name, value, expires, path, domain, secure ) {
  // the current time, in milliseconds
  var today = new Date();

  /*
  if the expires variable is set, make the correct expires time; the current
  script below will set it for x number of days. To make it for hours,
  delete * 24; for minutes, delete * 60 * 24
  */
  if ( expires ) {
    expires = expires * 1000 * 60 * 60 * 24;
  }
  var expires_date = new Date( today.getTime() + (expires) );

  document.cookie = name + "=" + escape( value ) +
    ( ( expires ) ? ";expires=" + expires_date.toUTCString() : "" ) +
    ( ( path ) ? ";path=" + path : "" ) +
    ( ( domain ) ? ";domain=" + domain : "" ) +
    ( ( secure ) ? ";secure" : "" );
}

function Get_Cookie( check_name ) {
  // first we'll split this cookie up into name/value pairs
  // note: document.cookie only returns name=value, not the other components
  var a_all_cookies = document.cookie.split( ';' );
  var a_temp_cookie = '';
  var cookie_name = '';
  var cookie_value = '';

  for ( var i = 0; i < a_all_cookies.length; i++ ) {
    // now we'll split apart each name=value pair
    a_temp_cookie = a_all_cookies[i].split( '=' );

    // and trim left/right whitespace while we're at it
    cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');

    // if the extracted name matches passed check_name
    if ( cookie_name == check_name ) {
      // we need to handle the case where the cookie has no value but exists (no = sign, that is):
      if ( a_temp_cookie.length > 1 ) {
        cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
      }
      // note that when the cookie exists but has no value, an empty string is returned
      return cookie_value;
    }
  }
  // no cookie with that name was found
  return null;
}

// this deletes the cookie when called
function Delete_Cookie( name, path, domain ) {
  if ( Get_Cookie( name ) ) {
    document.cookie = name + "=" +
      ( ( path ) ? ";path=" + path : "" ) +
      ( ( domain ) ? ";domain=" + domain : "" ) +
      ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
  }
}
```
Copy the script code above and create a file named cookieConsent.js. Then, make sure you include the JavaScript file on every page of your site that writes cookies. This will most likely be all of them, especially if you have analytics tracking throughout your site. Put this include in your header:
To initiate the script, after page load, put this code snippet just above the end body tag on every page that writes cookies:
Static Cookie Consent HTML page: cookie-consent.htm
This is the page users are redirected to when they do NOT consent to allowing cookies on your site. This page should not write any cookies (analytics, etc.), but should give the user more information about the cookies used on your site and the choice to accept them again. Here is an example of information for a site that uses cookies for tracking a user’s statistics on the site:
COOKIE CONSENT
Europe requires that we alert our visitors if we use cookies on our website. We only use cookies for traffic data purposes and do not store any personal data. For more information, please visit our Privacy Policy.
To use our website, click here to consent to accepting cookies.
To no longer use cookies on our site, click here.
You must talk to your attorney before you set up this page. Portent is not a law firm, and we’re not giving legal advice.
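The consent decision made by cookieConsent.js can be checked in isolation. The following is an added example, not Portent's code: it counts consent only when the cookie holds exactly true, prompts when the GeoBytes region is missing instead of skipping the prompt, and builds the cookie with Secure and SameSite attributes. The function names are hypothetical, and the Secure attribute assumes the site is served over HTTPS.

```javascript
// Added example (not Portent's code). Pure functions, so they run in Node or a browser.
var CONSENT_NAME = 'cookieConsent'; // cookie name used by cookieConsent.js
var CONSENT_DAYS = 90;              // lifetime stated in the article

// Parse a document.cookie-style string into a name -> value map.
// Splits on the first '=' only, so values that contain '=' survive intact.
function parseCookies(cookieString) {
  var jar = Object.create(null); // no inherited keys such as "constructor"
  String(cookieString || '').split(';').forEach(function (pair) {
    var eq = pair.indexOf('=');
    var name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
    if (!name) { return; }
    var raw = eq === -1 ? '' : pair.slice(eq + 1).trim();
    try { jar[name] = decodeURIComponent(raw); } catch (e) { jar[name] = raw; }
  });
  return jar;
}

// Consent counts only when the cookie holds exactly "true".
function hasConsent(cookieString) {
  return parseCookies(cookieString)[CONSENT_NAME] === 'true';
}

// Prompt European visitors, and also visitors whose region could not be
// determined (assumption: fail closed if the geolocation script did not load).
function needsPrompt(mapReference, cookieString) {
  if (hasConsent(cookieString)) { return false; }
  return mapReference === 'Europe' || mapReference === undefined ||
         mapReference === 'unknown';
}

// Build the consent cookie string with explicit attributes.
// Secure assumes HTTPS; SameSite=Lax keeps it off cross-site subrequests.
function buildConsentCookie(domain, now) {
  var expires = new Date(now.getTime() + CONSENT_DAYS * 24 * 60 * 60 * 1000);
  return CONSENT_NAME + '=true' +
    ';expires=' + expires.toUTCString() +
    ';path=/;domain=' + domain +
    ';Secure;SameSite=Lax';
}

// Constructed sample input
var sampleJar = 'session=a=b; cookieConsent=true; theme=dark';
console.log(hasConsent(sampleJar), needsPrompt(undefined, ''));
console.log(buildConsentCookie('example-domain.com', new Date(0)));
```

In a browser, pass `document.cookie` as `cookieString` and assign the result of `buildConsentCookie` to `document.cookie`.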
More Information
For more information regarding the EU Cookie Laws and suggested updates, see the following: